CVE-2022-45093 — Vulnetix

Try Vulnetix Request Demo

CVE-2022-45093 PUBLISHED

The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS).

EPSS 3.76% · 87.9th percentile

Risk Scores

EPSS Score

3.76%

87.9th percentile

Affected Products

Vendor	Product	Versions
NodeJS	Node	4.0, 5.0, 6.0

Timeline

Jan 10, 2023 CVE Published
Jan 11, 2023 EPSS Score
Feb 20, 2023 EPSS Score
Apr 2, 2023 EPSS Score
May 12, 2023 EPSS Score
Jun 21, 2023 EPSS Score
Jul 31, 2023 EPSS Score
Oct 20, 2023 EPSS Score
Nov 29, 2023 EPSS Score
Jan 8, 2024 EPSS Score
Feb 18, 2024 EPSS Score
May 8, 2024 EPSS Score

References

https://cert-portal.siemens.com/productcert/html/ssa-936212.html advisory
https://cert-portal.siemens.com/productcert/html/ssa-482757.html advisory
https://cert-portal.siemens.com/productcert/html/ssa-332410.html advisory
https://cert-portal.siemens.com/productcert/html/ssa-476715.html advisory
https://cert-portal.siemens.com/productcert/html/ssa-431678.html advisory
https://cert-portal.siemens.com/productcert/html/ssa-997779.html advisory
https://cert-portal.siemens.com/productcert/html/ssa-592007.html advisory
https://cert-portal.siemens.com/productcert/html/ssa-349422.html advisory
https://cert-portal.siemens.com/productcert/html/ssa-496604.html advisory
https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/ url
https://hackerone.com/reports/1524555 url
FEDORA-2022-52dec6351a vendor-advisory
FEDORA-2022-1667f7b60a vendor-advisory
FEDORA-2022-de515f765f vendor-advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf url
DSA-5326 vendor-advisory

Open in Interactive Console →